Database update through a one-way data link

Database update through a one-way data link
US8352450

A database updating application for updating through a one-way data link a remote database in accordance with a change in a reference database is disclosed, which comprises a database trigger client associated with the reference database for generating a database update message in the form of a file or a data packet corresponding to the change in the reference database and sending the database update message to a send node interconnected to a receive node by the one-way data link, and a database trigger server associated with the remote database for receiving the database update message transmitted across the one-way data link and replicating the change on the remote database in accordance with the database update message. The present invention provides database update through a one-way data link that may be implemented efficiently in real time and with a mechanism for verifying the integrity and operability of the one-way data link for the purpose of database update. In addition, the present invention provides a way to combine the functionalities of the conventional database update applications with the security afforded by the use of a one-way data link.

PTO Wrapper PDF
Dossier Espace Google

Patent 8352450
Priority Apr 19 2007
Filed Apr 19 2007
Issued Jan 08 2013
Expiry Jul 25 2027 Extension 97 days
Inventors Holmes, An…
Assg.orig Owl Comput…
Assg.curr OWL Cyber …
Entity Large
Referenced by 74
References 60
Maint.: all paid

FIELD OF THE INVENTI…
BACKGROUND OF THE IN…
SUMMARY OF THE INVEN…
BRIEF DESCRIPTION OF…
DETAILED DESCRIPTION…

21. A non-transitory machine readable medium having instructions stored on a database update system comprising:

a reference database having a processor for executing a database trigger client application,

a remote database having a processor for executing a database trigger server application,

a one-way data link for unidirectional transfer from a send node to a receive node, the send node having a processor for executing a server proxy application, and the receive node having a processor for executing a client proxy application, the instructions, when executed by the system,

causing the database trigger client application to detect a change in the reference database and create a database update message in the form of a file or a data packet corresponding to the change in the reference database, the database update message including sequence and verification information and being compatible with unidirectional dataflow,

cause the database trigger client application to further lock the reference database when generating the database update message, and unlock the reference database after the sequence information is assigned to the database update message,

causing the server proxy application to receive the database update message from the reference database, removing Internet Protocol (IP) information from the database update message, replacing the IP information with a pre-assigned channel number, and relay the database update message with the channel number from the database trigger client application to the one-way data link,

causing the client proxy application to receive the database update message with the channel number from the one-way data link, mapping the channel number of the received database update message to IP information of the remote database, and relay the database update message from the one-way data link to the database trigger server application, and

causing the database trigger server application to replicate the change in the remote database in accordance with the database update message, wherein no bilateral communication between the reference database and the remote database is used for updating the remote database based on the change in the reference database.

1. A database update system, comprising:

a send node;

a receive node;

a one-way data link for unidirectional transfer from the send node to the receive node;

a reference database; and

a remote database,

wherein:

there is no communication route for bilateral communication between the reference database and the remote database;

the reference database comprises a processor for executing a database trigger client application for detecting a change made in the reference database and generating a database update message in the form of a file or a data packet corresponding to the change in the reference database, the database update message including sequence and verification information and being compatible with unidirectional dataflow;

wherein the database trigger client application is configured to lock the reference database when the database update message is being generated and unlock the reference database after the sequence information is assigned to the database update message;

the send node comprises a processor for executing a server proxy application for receiving the database update message from the reference database, removing IP information from the database update message, replacing the Internet Protocol (IP) information with a pre-assigned channel number, and relaying the database update message with the channel number from the reference database to the one-way data link;

the remote database comprises a processor for executing a database trigger server application for receiving the database update message and replicating the change in the remote database in accordance with the database update message transmitted through the one-way data link; and

the receive node comprises a processor for executing a client proxy application for receiving the database update message with the channel number from the one-way data link, mapping the channel number of the received database update message to IP information of the remote database and relaying the database update message from the one-way data link to the remote database,

so that no bilateral communication between the reference database and the remote database is necessary for updating the remote database based on the change in the reference database.

2. The database updating system of claim 1, wherein the database update message comprises commands for replicating the change.

3. The database updating system of claim 2, wherein the commands are Structured Query Language (SQL) commands, Perl commands, Java commands, or basic database commands.

4. The database updating system of claim 1, wherein the database update message comprises a data entry corresponding to the change.

5. The database updating system of claim 1, wherein the database update message corresponds to multiple changes in the reference database.

6. The database updating system of claim 1, wherein the processor for executing the database trigger server application comprises a monitor for validating the sequence information in the database update message.

7. The database updating system of claim 1, wherein the processor for executing the database trigger server application comprises a sorter for sequentially sorting the database update message in accordance with the sequence information.

8. The database updating system of claim 1, wherein the processor for executing the database trigger client application comprises a sorter for sequentially sorting the database update message in accordance with the sequence information.

9. The database updating system of claim 1, wherein the sequence information comprises a sequence number.

10. The database updating system of claim 1, wherein the sequence information comprises a timestamp data.

11. The database updating system of claim 1, wherein the sequence information comprises a sequentially sortable filename.

12. The database updating system of claim 1, wherein the verification information comprises heartbeat messages at predetermined intervals.

13. The database updating system of claim 12, wherein the processor for executing the database trigger server application comprises a monitor for monitoring the heartbeat messages.

14. The database updating system of claim 13, wherein the processor for executing the database trigger server application further comprises a generator of an error indicator based on the monitored heartbeat messages.

15. The database updating system of claim 12, wherein the heartbeat messages comprise a predetermined content known to the database trigger server application.

16. The database updating system of claim 2, wherein the processor for executing the database trigger server application is configured to execute the commands in the database update message for replicating the change on the remote database.

17. The database updating system of claim 16, wherein the commands are SQL commands, Perl commands, Java commands, or basic database commands.

18. The database updating system of claim 16, wherein the processor for executing the database trigger server application comprises a Java script application to open the database update message.

19. The database updating system of claim 1, wherein the server proxy application comprises a Transmission Control Protocol (TCP) server proxy application capable of having bidirectional communications with the database trigger client application.

20. The database updating system of claim 1, wherein the client proxy application comprises a TCP client proxy application capable of having bidirectional communications with the database trigger server application.

22. The non-transitory machine readable medium of claim 21, wherein the database update message comprises commands for replicating the change.

23. The non-transitory machine readable medium of claim 22, wherein the commands are Structured Query Language (SQL) commands, Perl commands, Java commands, or basic database commands.

24. The non-transitory machine readable medium of claim 21, wherein the database update message comprises a data entry corresponding to the change.

25. The non-transitory machine readable medium of claim 21, wherein the database update message corresponds to multiple changes in the reference database.

26. The non-transitory machine readable medium of claim 21, wherein the instructions, when executed by the system, cause the database trigger server application to further validate the sequence information prior to replicating the change in the remote database.

27. The non-transitory machine readable medium of claim 21, wherein the instructions, when executed by the system, cause the database trigger server application to further sort the database update message sequentially in accordance with the sequence information.

28. The non-transitory machine readable medium of claim 21, wherein the instructions, when executed by the system, cause the database trigger client application to further sort the database update message sequentially in accordance with the sequence information.

29. The non-transitory machine readable medium of claim 21, wherein the sequence information comprises a sequence number.

30. The non-transitory machine readable medium of claim 21, wherein the sequence information comprises a timestamp data.

31. The non-transitory machine readable medium of claim 21, wherein the sequence information comprises a sequentially sortable filename.

32. The non-transitory machine readable medium of claim 12, wherein the verification information comprises heartbeat messages at predetermined intervals.

33. The non-transitory machine readable medium of claim 32, wherein the instructions, when executed by the system, cause the database trigger server application to further monitor the heartbeat messages.

34. The non-transitory machine readable medium of claim 33, wherein the instructions, when executed by the system, cause the database trigger server application to further generate an error message based on the result of monitoring the heartbeat messages.

35. The non-transitory machine readable medium of claim 32, wherein the heartbeat messages comprise a predetermined content known to the database trigger server.

36. The non-transitory machine readable medium of claim 22, wherein the step to replicate the change in a remote database in accordance with the database update message by the database trigger server application comprises the step to execute the commands in the database update message.

37. The non-transitory machine readable medium of claim 23, wherein the step to replicate the change in a remote database in accordance with the database update message by the database trigger server application comprises the step to execute the SQL commands.

38. The non-transitory machine readable medium of claim 21, wherein the step to replicate the change in a remote database in accordance with the database update message by the database trigger server application comprises the step to open the database update message by a Java script application.

39. The non-transitory machine readable medium of claim 21, wherein the processor for executing the database trigger client application resides in the reference database.

40. The non-transitory machine readable medium of claim 21, wherein the processor for executing the database trigger server application resides in the remote database.

41. The non-transitory machine readable medium of claim 21, wherein the server proxy application comprises a Transmission Control Protocol (TCP) server proxy application capable of having bidirectional communications with the database trigger client application.

42. The non-transitory machine readable medium of claim 21, wherein the client proxy application comprises a TCP client proxy application capable of having bidirectional communications with the database trigger server application.

43. The non-transitory machine readable medium of claim 21, wherein the step to create a database update message corresponding to the change in the reference database by the database trigger client application comprises the steps to:

read a data entry corresponding to the change from the reference database;

generate SQL commands for replicating the data entry; and

write the data entry and the SQL commands to the database update message having a unique filename,

and the step to replicate the change in the remote database in accordance with the database update message by the database trigger server application comprises the steps to:

execute a Java script application to open the database update message; and

execute the SQL commands in the database update message to replicate the data entry on the remote database.

FIELD OF THE INVENTION

The present invention generally relates to unidirectional data transfer. More specifically, the present invention relates to mirroring databases communicable through a one-way data link and related database update techniques.

BACKGROUND OF THE INVENTION

Protection of a computer or data network against undesired and unauthorized data disclosure has been a perennial concern in the field of computer and network security. For example, firewall and anti-spyware software have been developed to address security concerns for computers and networks connected to the Internet and to protect them from possible cyberattacks such as Trojan horse-type viruses or worms that may trigger undesired and unauthorized data disclosure by these computers and networks. However, for high security computer networks such as those used by government agencies and intelligence communities and certain commercial applications, the conventional network security devices such as firewalls may not provide sufficiently reliable protection from undesired data disclosure.

Alternative network security methods and devices have been devised to address the network security concern. For example, U.S. Pat. No. 5,703,562 to Nilsen (the '562 patent”), the contents of which are hereby incorporated by reference in their entirety, provides an alternative way to address the network security concern. The '562 patent discloses a method of transferring data from an unsecured computer to a secured computer over a one-way optical data link comprising an optical transmitter on the sending side and an optical receiver on the receiving side. By providing such an inherently unidirectional data link to a computer/data link to be protected, one can eliminate any possibility of unintended data leakage out of the computer/data network over the same link.

As attacks on computers and networks generally require a bidirectional link over which the attacking computer can make unauthorized retrieval of data from a target computer or network, a one-way data link provides a structural defense by insulating the target computer or network against unintended leakage from “probing” attacks from the outside, while still allowing data transfer from the external source in a controlled fashion. FIG. 1 schematically illustrates an example of one such one-way data transfer system 100. In the one-way data transfer system shown in FIG. 1, two computing platforms (or nodes) 101 and 102 (respectively, “the Send Node” and “the Receive Node”) are connected to the unsecured external network 104 (“the source network”) and the secure network 105 (“the destination network”), respectively. The Send Node 101 is connected to the Receive Node 102 by a one-way data link 103, which may be an optical link comprising, for example, a high-bandwidth optical fiber. This one-way data link 103 may be configured to operate as a unidirectional data gateway from the source network 104 to the secure destination network 105 by having its ends connected to an optical transmitter on the Send Node and to an optical receiver on the Receive Node.

This configuration physically enforces one-way data transfer at both ends of the optical fiber connecting the Send Node 101 to the Receive Node 102, thereby creating a truly unidirectional one-way data link between the source network 104 and the destination network 105 shown in FIG. 1. Unlike the conventional firewalls, one-way data transfer systems based on a one-way data link are designed to transfer data or information only in one direction and it is physically impossible to transfer data or information of any kind in the reverse direction. No information or data of any kind, including handshaking protocols such as those used in data transport protocols such as TCP/IP, SCSI, USB, Serial/Parallel Ports, etc., can travel in the reverse direction from the Receive Node back to the Send Node across the one-way data link. Such physically imposed unidirectionality in data flow cannot be hacked by a programmer, as is often done with firewalls. Accordingly, the one-way data transfer system based on a one-way data link ensures that data residing on the isolated secure computer or network is maximally protected from any undesired and unauthorized disclosure.

While the use of a one-way data link affords significant improvements in network security, it also introduces novel problems in performing common network functions, such as updating of databases, that have been developed for bilateral communication channels. Updating, or replicating, networked databases is common network function involved in a number of applications including but not limited to, data archival, disaster recovery, and “mining” data for analysis without undue consumption of network resources. While the database update techniques for databases networked via bilateral links is a mature art which has been developed by many companies such as Oracle, such techniques cannot be directly applied to databases coupled via a unidirectional link, because implementation of the conventional database update techniques often requires a large amount of bilateral communications.

Because of many advantages in network security that are discussed above, it is often desirable and necessary to update databases through a one-way data link. Such system would be of great value to, for example, governmental agencies, intelligence communities, secure commercial applications and other users of highly secure networks that require constant updating of databases in their network.

One possible approach for updating databases through a one-way link would be a “brute force” method of replicating an entire database across the one-way link. However, such approach is inefficient in the use of available network resources and furthermore may be impractically slow depending on the size of the database to be copied.

It is an object of the present invention to provide an efficient approach for updating and replicating databases through a one-way data link.

It is yet another object of the present invention to provide a database update technique capable of effectuating incremental database updates in real time through a one-way data link.

It is yet another object of the present invention to provide a command-based database replication/update approach for databases connected by one-way data links.

It is yet another object of the present invention to utilize the functionalities of the conventional database update techniques based on bilateral communications in a data transfer system based on a one-way data link.

It is yet another object of the present invention to resolve sequencing conflicts and implement database update through a one-way data link in a sequential manner.

It is yet another object of the present invention to provide a mechanism for verifying the operability of a one-way data link in connection with database update function through the one-way data link.

It is yet another object of the present invention to provide a mechanism for detecting an error during the database update through a one-way data link and initiating necessary recovery procedures in case of detecting an error.

Other objects and advantages of the present invention will become apparent from the following description.

SUMMARY OF THE INVENTION

It has now been found that the above and related objects of the present invention are obtained in the form of a system and method for triggering database updates across a one-way link.

More particularly, the present invention relates to a database updating application for updating a remote database in accordance with a change in a reference database through a one-way data link, comprising a database trigger client associated with the reference database for generating a database update message in the form of a file or a data packet corresponding to the change in the reference database and sending the database update message to a send node interconnected to a receive node by the one-way data link, and a database trigger server associated with the remote database for receiving the database update message transmitted across the one-way data link and implementing the change in the remote database in accordance with the database update message.

The present invention is also directed to a database update system, comprising a send node, a receive node, a one-way data link interconnecting the send node and the receive node, a database trigger client for generating a database update message in the form of a file or a data packet corresponding to a change in a reference database and a database trigger server for implementing the change in a remote database in accordance with the database update message, wherein the database trigger client is communicatively coupled to the send node and the database trigger server is communicatively coupled to the receive node.

In addition, the present invention is also directed to a machine readable medium having instructions stored on a database trigger client, which is communicatively coupled to a send node, and on a database trigger server, which is communicatively coupled to a receive node, wherein the send node and the receive node are interconnected by a one-way data link, the instructions, when executed by the database trigger client, causing the database trigger client to create a database update message in the form of a file or a data packet corresponding to a change in a reference database, and transmit the database update message to the send node so that the send node can send the database update message to the receive node across the one-way data link, and the instructions, when executed by the database trigger server, causing the database trigger server to receive the database update message from the receive node, and implement the change in a remote database in accordance with the database update message.

These and other features of this invention are described in, or are apparent from, the following detailed description of various exemplary embodiments of this invention.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and related objects, features and advantages of the present invention will be more fully understood by reference to the following, detailed description of the preferred, albeit, illustrative, embodiment of the present invention when taken in conjunction with the accompanying figures, wherein:

FIG. 1 schematically illustrates an example of a secure one-way data transfer system based on a one-way data link.

FIG. 2 is a functional block diagram that schematically illustrates TCP-based data packet transfer across a one-way data link.

FIG. 3 is a functional block diagram that schematically illustrates TCP-based file transfer across a one-way data link.

FIG. 4 is a functional block diagram that schematically illustrates one possible embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Under suitable arrangements, data based on various conventional transport protocols may be transferred across a one-way data link despite the inherent unidirectionality of data transfer across the one-way data link. The following examples illustrate transfer of data packets or files based on the Transmission Control Protocol (TCP) across a one-way data link, but it is noted that implementation of the present invention is not limited to any particular data transport protocol. FIG. 2 is a functional block diagram that schematically illustrates implementation of a TCP-based secure data packet transfer across a single one-way data link in a one-way data transfer system 200. Construction of the conventional TCP sockets requires bilateral communications for it requires an acknowledgement channel from the receive node to the send node. Accordingly, the conventional TCP/IP protocol cannot be implemented directly in a one-way data transfer system based on a one-way data link, since no bilateral “hand shaking” is allowed over the one-way link due to physical enforcement of unidirectionality of data flow. Instead, the one-way data transfer system 200 illustrated in FIG. 2 uses a TCP simulation application called TCP proxy, which is preferably a TCP/IP socket-based proxy software, but may also be hardware-based or based on a suitable combination of software and hardware, to simulate the TCP/IP protocol across the one-way data link 207.

A TCP server proxy 205 fully implements the TCP/IP protocol in its bilateral communications 203 with the upstream TCP/IP data packet client 202 residing in a source platform 201. The TCP server proxy 205 may reside within the send node 204 as shown in FIG. 2, or alternatively, may be separate from but coupled to the send node 204.

When the TCP server proxy 205 receives the data packets from the TCP/IP data packet client 202, it removes the IP information normally carried in the data packets under the TCP/IP protocol and replaces it with pre-assigned channel numbers, so that no IP information is sent across the one-way data link 207. Instead, IP routes may be defined at the time of the configuration of the system 200 in the form of channel mapping tables residing in the TCP server proxy 205 associated with the send node 204 and the TCP client proxy 210 associated with the receive node 208. The send node 204 then sends the data packet with the pre-assigned channel numbers to the receive node 208 through its interface 206 across the one-way data link 207, which are received by the receive node 208 through its interface 209. A TCP client proxy 210, which may or may not reside in the receive node 208, then maps the channel numbers from the received data packet to the corresponding predetermined IP address of a destination platform 212. Like the TCP server proxy 205, the TCP client proxy 210 acts as a TCP/IP client, fully implementing the TCP/IP protocol in its bilateral communications 211 with the TCP data packet server 213 residing in the destination platform 212, requests a socket connection to the TCP server 213, and delivers the data packets received from the source platform 201 to the TCP data packet server 213 in the destination platform 212.

For the security of the overall one-way data transfer system 200, the IP address-to-channel number mapping table (e.g., Hostports.txt file) residing in the send node 204 may be different from the channel number-to-IP addressing mapping table (e.g., Portmap.txt file) residing in the receive node 208, and furthermore, neither table may be re-constructed on the basis of the other table. Neither table alone reveals the overall IP routing configuration from the source platform 201 to the destination platform 212. In this way, the IP information of the destination platform 212 may remain undisclosed to the sender at the source platform 201 and the security of the overall system 200 can be maintained.

Under the conventional TCP/IP protocol, the acknowledgement mechanism requiring bilateral communications provides may provide means for error detection. However, the one-way data link 207 forecloses such means. Instead, the one-way data transfer system 200 may assure data integrity by applying, for example, a hash algorithm such as MD5 to each data packet being transferred over the one-way data link 207. The send node 204 calculates an MD5 hash number associated with the content of each data packet to be sent to the receive node 208 over the one-way data link 207. When the receive node 208 receives the data packet, it may re-calculate a MD5 hash number associated with the received data packet and compare the result with the MD5 hash number calculated by the send node 204. By comparing these results, the receive node 208 may be able to determine as to whether any error has occurred during the transfer of the data packets across the one-way data link.

A similar configuration may be used to transfer files across a one-way data link under the TCP/IP protocol. FIG. 3 is a functional block diagram that schematically illustrates implementation of a TCP-based file transfer across a single one-way link 307 in a one-way data transfer system 300. Like the one-way data transfer system 200 for transferring data packets across a one-way link in FIG. 2, a TCP server proxy 305 fully implements the TCP/IP protocol in its bilateral communications 303 with the upstream TCP file client 302 residing in a source platform 301. The TCP server proxy 305 may reside within the send node 304 as shown in FIG. 3, or alternatively, may be separate from but coupled to the send node 304. After the TCP server proxy 305 receives files from the TCP file client 302, the send node 304 sends the files through its interface 306 to the one-way data link 307. After the receive node 308 receives the files through its interface 309 from the one-way data link 307, the TCP client proxy 310, which may or may not reside in the receive node 308, communicates under the full implementation of the TCP/IP protocol with a TCP file server 313 residing in a destination platform 312 and forwards the received files to the TCP file server 313.

Like the TCP-based data packet transfer system 200 in FIG. 2, the TCP-based file transfer system 300 may be configured to prohibit transmission of IP information across the one-way data link 307 and may instead require that predetermined IP routes be established at the time of the configuration of the system 300. The TCP server proxy 305 removes the associated IP information from the received files and replaces it with pre-assigned channel numbers. The send node 304 then sends the files with the pre-assigned channel numbers to the receive node 308 across the one-way data link 307. Upon receipt of the files, the TCP client proxy 310 then maps the channel numbers from the received files to the corresponding predetermined IP address of a destination platform 312, to which the files are forwarded.

FIG. 4 is a functional block diagram schematically illustrating one exemplary embodiment of the present invention. The system 400 illustrated in FIG. 4 comprises a reference database 401 and a remote database 412 that are interconnected by a one-way data transfer system based on a one-way data link 407 such as those described above for TCP-based data packet/file transfer illustrated in FIGS. 2 and 3 comprising (204, 207, 208), (304, 307, 308), respectively. There is no bilateral communication channel between the reference database 401 and the remote database 412. It is noted that the present invention may be implemented with a reference database and a remote database interconnected by a one-way data transfer system for other type of data transport protocol. In addition, in an alternative embodiment, there may be a plurality of reference databases and the corresponding number of remote databases that are interconnected by a one-way data transfer system. Additionally, each of the reference database 401 and the remote database 412 may be part of a larger network (i.e., a source network for the reference database and a destination network for the remote database), and the reference database 401 and the remote database 412 may be respectively coupled to the send node 404 and the receive node 408 indirectly through their respective network, as schematically illustrated in FIG. 1.

In FIG. 4, the reference database 401 may comprise one or more individual tables or databases. The reference database 401 (as well as the remote database 412) support basic database commands such as insert, delete and update so that data can be stored, added, deleted and updated in the database. Furthermore, any changes in the reference database 401 may be detected and read by a hardware or software application. The reference database 401 may be coupled to a send node 404 via a communication channel 403, which may be a bilateral channel capable of implementing TCP communication. As shown in the figure, the reference database 401 and the send node 404 may be on separate platforms in a network system, or alternatively, they may be configured within the same computing platform.

As explained above in the context of FIGS. 2 and 3, the send node 404 may comprise a TCP server proxy application 405 and an interface 406 to the one-way data link 407. The one-way data link 407 is for unidirectional transfer from the send node 404 to a receive node 408. Alternatively, the TCP server proxy may reside in a separate network device communicatively coupled to the send node 404. The TCP server proxy 405 is communicatively coupled to a database trigger client 402 via the communication channel 403.

The database trigger client 402 may be a software-based or hardware-based application that is capable of detecting a change made in the reference database 401 and further creating database update messages in the form of a file or a data packet in response to the change in the reference database. The database update message may correspond to a change or multiple changes in the reference database. For example, the database trigger client 402 may use or comprise a database management software based on Standard Query Language (SQL) commands for generating the files. Alternatively, the database trigger client 402 may use or generate Perl commands, Java commands, basic database commands, or any other suitable commands that can be interpreted and applied by a receiving side. As shown in FIG. 4, the database trigger client 402 may reside within the reference database 401, or alternatively reside in a separate network device communicatively coupled to the reference database.

On the other side of the one-way data link 407, the receive node 408 may comprise a TCP client proxy application 410 and an interface 409 to the one-way data link 407 through which the receive node 408 receives data from the send node 404. Similar to the TCP server proxy, the TCP client proxy may alternatively reside in a separate network device communicatively coupled to the receive node 408. The TCP client proxy 410 may be coupled to a database trigger server 413 via a bilateral TCP communication channel 411.

The database trigger server 413 may be a software-based or hardware-based application that is capable of receiving the database update messages transmitted through the one-way data link 407 and further updating the remote database 412 based on these received database update messages. The database trigger server 413 may further be capable of monitoring the sequence information of the received database update messages. The database trigger server 413 may also be capable of, for example, opening the received database update messages by a Java script application and execute SQL commands embedded in the received database update messages to effectuate the corresponding updates in the remote database 412.

As shown in FIG. 4, the database trigger server 413 may reside within the remote database 412, or alternatively reside in a separate network device communicatively coupled to the remote database. The remote database 412 may comprise one or more databases in which data can be stored, added, deleted and updated in accordance with a set of commands by a hardware- or software-based application. As shown in the figure, the remote database 412 and the receive node 408 may be on separate platforms in a network system, or alternatively, they may be configured within the same platform.

In FIG. 4, the occurrence of any changes to the content of the reference database 401 triggers the system 400 to communicate the changes to the remote database 412 across a one-way data link 407 so that the remote database 412 on the other side of the one-way data link 407 can be updated to mirror the reference database 401 in real time. The database update through a one-way data link may be done in the following way, but persons of ordinary skill will recognize that this is merely illustrative and not limitative of the present invention, and that steps and the sequence of those steps as well as components and applications used by those steps may vary from those described below in order to implement other possible embodiments of the present invention.

When changes to the entries in the reference database 401 occur, the changes trigger the database trigger client 402 associated with the reference database 401. Upon detecting the changes, the database trigger client 402 generates a database update message in the form of a file or a data packet corresponding to the changes in the reference database 401. For example, the database update message may comprise a set of commands describing the changes, which are to be ultimately executed in the remote database 412 to replicate the changes therein. The database commands (either primary or secondary) may be in the form of standard SQL commands, Perl commands, Java commands, basic database commands, or may comprise any other suitable proprietary language structure pertaining to that database that can be interpreted and applied by the receiving side of the one-way data link 407, such as the remote database 412. The database trigger client 402 may write these commands in a file.

In one exemplary embodiment of the present invention, changes made to an individual table in the reference database 401 trigger execution of a preconfigured set of commands to capture the data change in the reference database 401 (e.g., by reading the row data corresponding to the changed entry in a table of the reference database). Based on these commands, the database trigger client 402, generates a secondary set of commands, such as SQL commands, for replicating the changes on the remote database 412. The database trigger client 402 may then write the captured changed data entry (e.g., the corresponding row data) and the secondary commands to a database update message in the form of a uniquely named file to be transferred across the one-way data link 407.

When replicating the changes in the reference database 401 on the remote database 412, it is important to maintain the correct sequential order of the changes. To do so, the sequence information may be included in the database update messages corresponding to the changes. Preferably, the database trigger client 402 is capable of generating database update messages that reflect the correct sequential order of the changes. As one example, the database update messages in the form of, for example, files created by the database trigger client 402 in response to the changes in the reference database 401 may be assigned corresponding unique and sequentially sortable filenames. Unique filenames may also prevent any accidental overwriting of files during multiple file transfers. For example, in some embodiments of the present invention, a filename may include a “counter” or a sequence number which can be incremented upwards with each successive update and file writing operation (e.g., operation001, operation002, operation003, etc.), thereby ensuring uniqueness and sequential sortability in the filename. Alternatively, a filename may achieve uniqueness and sortability by including timestamp information. In this way, the database update messages may be sequentially ordered by their corresponding filenames. The sequential sorting of the database update messages may be done prior to their transmission across the one-way data link 407, or alternatively upon their receipt by the database trigger server 413.

In some embodiments, the database update messages created and sequentially ordered by the database trigger client 402 may be copied and cached by the database trigger client 402 or other application residing on the send side of the one-way data link 407. The cached database update messages may be used for a number of diagnostic functions, including constructing the changes on a secondary database on the send side of the one-way data link 407 to check the accuracy of the update commands in the database update messages. Alternately, the cached database update messages may be re-transmitted over the one-way data link 407 to the receive side of the one-way data link as part of a recovery procedure in case of a communication failure during the first attempt at database update.

In some cases, it may be advantageous to “lock” the reference database 401 to prevent other users from accessing the reference database during the database updating process. By “locking” the database, the potential sequencing conflicts arising from simultaneous changes on the database by multiple users or processes may be prevented. The database may be “unlocked” after the assignment of the sequence information to the database update message corresponding to the change, or alternatively after the transmission of the database update messages to the receive node 408 through the one-way data link 407. This allows the changes made by multiple simultaneous users of the reference database 401 to be replicated to the remote database 412 in proper sequence.

The database trigger client 402 may utilize the functionality of the conventional database update applications to generate the database update messages corresponding to the changes in the reference database 401. As noted above, the conventional database update applications typically require bilateral communications to effectuate updates in a target database. While such conventional applications may not be able to operate directly through the one-way data link 407, they can be implemented through the interposition of, for example, the TCP server proxy 405 and the TCP client proxy 410, which are capable of simulating fully bilateral TCP communications via bilateral communication channels 403, 411 with the database trigger client 402 and the database trigger server 413, respectively. Preferably, the TCP server proxy 405 and TCP client proxy 410 are configured to optimally utilize the functionalities of the conventional database update application used by the database trigger client 402 and the database trigger server 413.

The database update messages corresponding to the changes in the reference database 401 that are created by the database trigger client 402 are then sent to the send node 404, which then transfers the database update messages to the one-way data link 407 through the interface 406. These database update messages are then received by the receive node 408 through its interface 409 to the one-way data link 407, and communicated to the database trigger server 413 associated with the remote database 412.

The database trigger server 413 may be configured to monitor and validate the sequence information contained in the database update messages received from the database trigger client 402. Once the sequential sorting of the database update messages based on the sequence information is complete (either by the database trigger client 402 or by the database trigger server 413 or by both), the database trigger server 413 opens the received database update messages and execute/read the database update commands/information contained therein in accordance with the sequential order. For example, in some embodiments of the present invention, the database trigger server 413 opens the database update message generated by the database trigger client 402 by using a preconfigured Java script application and executes the SQL commands embedded in the database update message to replicate the corresponding changes (e.g., the row data corresponding to the changes) on the remote database 412. The database trigger server 413 executes the changes to be implemented in the remote database 412, preferably in the same sequence as those initially made at the reference database 401. In this way, the system 400 in FIG. 4 may update in real time the remote database 412 to reflect any changes made in the reference database 401 through the one-way data link 407.

Additionally, some embodiments of the present invention may further incorporate means for verifying the integrity and real-time operability a one-way data link in conjunction with the database update function. Because of the unidirectionality of data flow enforced in the one-way data link, the conventional verification techniques such as “handshakes” and feedback messages requiring bilateral communications may not be applied. Instead, a verification mechanism based on the unidirectionality of data flow through a one-way data link is needed.

One such verification mechanism may be provided, for example, in the context of FIG. 4, by transmission of “heartbeat” messages. The heartbeat messages may be transmitted from the send side to the receive side through a one-way data link at predetermined intervals, whether or not there are any database updates, to verify the integrity and operability of the one-way data link. In some embodiments of the present invention, the heartbeat messages are generated by the database trigger client 402 associated with the reference database 401 to be ultimately received by the database trigger server 413 associated with the remote database 412. However, it is noted that the present invention does not necessarily restrict the generator and the receiver of the heartbeat messages to the database trigger client 402 and server 413. Under the present invention, they may be a pair of any other components or devices on the send and the receive sides, respectively, in the system, such as the TCP server proxy 405 and the TCP client proxy 410.

The heartbeat message may take any suitable form that can be interpreted by a receiver of the message. For example, the heartbeat messages may comprise a predetermined content known by the remote database 412. By monitoring the arrival of the heartbeat messages from the send side of the one-way data link such as the reference database 401 and comparing them to the expected arrival time and/or the predetermined content, the remote database 412 may be able to verify the integrity and operability of one-way data link 407 for the purpose of database update function. In some embodiments of the present invention, the heartbeat messages may also include the database update messages created by the database trigger client 402 in response to changes in the reference database 401.

In one illustrative example of using the heartbeat messages, a hardware or software-based application on the send side such as the database trigger client 402 or the TCP server proxy 405, issues heartbeat messages at predetermined intervals. As noted above, the corresponding heartbeat message may comprise a predetermined content known to or understood by the remote database 412. In some embodiments of the present invention, each heartbeat message may be implemented in database scripts to provide the corresponding timestamp data which can be tracked by the receive side. In other alternative embodiments of the present invention, if there have been changes in the reference database 401 since the last time a heartbeat message was issued, the next heartbeat message may include database update messages created by the database trigger client 402 in response to those changes.

The heartbeat messages are then transmitted by the send node 404 to the receive node 408 through the one-way data link 407 and ultimately to a hardware- or software-based application on the receive side, such as the database trigger server 413 or the TCP client proxy 410. The application monitors the arrival of the heartbeat messages. If the expected heartbeat message arrives at the expected time, the remote database 412 may, for example, reset its internal timer for the next expected heartbeat message and discard the received heartbeat message. On the other hand, if no heartbeat message is received at the predetermined interval, or if heartbeat messages arrive at irregular intervals or out of sequence, or if the received heartbeat message does not match the predetermined content, such unexpected event may trigger a need to communicate that event to, for example, an administrator of the remote database 412. For example, the application may flag a warning indicator or generate an error message that the integrity and operability of the one-way data link 407 or other components involved in the database update process might have been compromised, and then may further initiate an appropriate recovery procedure. For example, a communication failure detected by the lost or improper heartbeat may be recovered by re-transmitting any SQL commands issued by the database trigger client 402 since the last verifiable heartbeat message was received by the remote database 412, based on its timestamp information. In some embodiments of the present invention, upon detecting failure of receiving the expected heartbeat message from the database trigger client 402, the database trigger server 413 may insert a special log message into a database table on the remote database 412 that may be monitored by an administrator

In another alternative embodiments where a TCP client proxy 410 is the designated receiver of heartbeat messages generated by the TCP server proxy 405, upon detecting failure of receiving the expected heartbeat message, the TCP client proxy 410 may generate special SNMP trap messages, or other suitable types of reporting messages created by a user-defined script file, to get the attention of an administrator of the remote database 412.

When the heartbeat message received by the application on the receive side includes database update messages corresponding to the changes made in the reference database 401, the application first verifies the integrity and operability of the one-way data link 407 and other components involved in the database update process by, for example, checking the sequencing or timestamp information contained in the received heartbeat message. Upon verification, the application may forward the database update messages to the database trigger server 413 to implement the changes in the remote database 412 in accordance with the database update messages. As noted above, in some embodiments of the present invention, the application may reside within or be part of the database trigger server 413 so that the replication of the changes to the remote database 412 immediately follows the verification process.

While this invention has been described in conjunction with exemplary embodiments outlined above and illustrated in the drawings, it is evident that many alternatives, modifications and variations will be apparent to those skilled in the art. Accordingly, the exemplary embodiments of the invention, as set forth above, are intended to be illustrative, not limiting, and the spirit and scope of the present invention is to be construed broadly and limited only by the appended claims, and not by the foregoing specification.

INVENTORS:

Holmes, Andrew, Mraz, Ronald, Hope, James

THIS PATENT IS REFERENCED BY THESE PATENTS:

Patent	Priority	Assignee	Title
10142289,	Mar 27 2018	OWL Cyber Defense Solutions, LLC	Secure interface for a mobile communications device
10171422,	Apr 14 2016	OWL Cyber Defense Solutions, LLC	Dynamically configurable packet filter
10218586,	Jan 23 2013	OWL Cyber Defense Solutions, LLC	System and method for enabling the capture and securing of dynamically selected digital information
10346384,	Nov 22 2016	SAP SE	Efficient database multi-version concurrency control
10346430,	Dec 23 2010	MONGODB, INC	System and method for determining consensus within a distributed database
10366100,	Jul 26 2012	MONGODB, INC	Aggregation framework system architecture and method
10394822,	Sep 25 2015	MONGODB, INC	Systems and methods for data conversion and comparison
10423626,	Sep 25 2015	MONGODB, INC	Systems and methods for data conversion and comparison
10430433,	Sep 25 2015	MONGODB, INC	Systems and methods for data conversion and comparison
10489357,	Dec 15 2015	MongoDB, Inc.	Systems and methods for automating management of distributed databases
10496669,	Jul 02 2015	MONGODB, INC	System and method for augmenting consensus election in a distributed database
10572505,	Dec 23 2010	MongoDB, Inc.	Method and apparatus for maintaining replica sets
10614098,	Dec 23 2010	MONGODB, INC	System and method for determining consensus within a distributed database
10621050,	Jun 27 2016	MONGODB, INC	Method and apparatus for restoring data from snapshots
10621200,	Dec 23 2010	MongoDB, Inc.	Method and apparatus for maintaining replica sets
10671496,	May 31 2016	MONGODB, INC	Method and apparatus for reading and writing committed data
10673623,	Sep 25 2015	MONGODB, INC	Systems and methods for hierarchical key management in encrypted distributed databases
10698775,	May 31 2016	MONGODB, INC	Method and apparatus for reading and writing committed data
10713275,	Jul 02 2015	MONGODB, INC	System and method for augmenting consensus election in a distributed database
10713280,	Dec 23 2010	MONGODB, INC	Systems and methods for managing distributed database deployments
10740353,	Dec 23 2010	MONGODB, INC	Systems and methods for managing distributed database deployments
10740355,	Apr 01 2011	MongoDB, Inc.	System and method for optimizing data migration in a partitioned database
10776220,	Jun 27 2016	MONGODB, INC	Systems and methods for monitoring distributed database deployments
10846305,	Dec 23 2010	MongoDB, Inc.	Large distributed database clustering systems and methods
10846411,	Sep 25 2015	MONGODB, INC	Distributed database systems and methods with encrypted storage engines
10866868,	Jun 20 2017	MONGODB, INC	Systems and methods for optimization of database operations
10872095,	Jul 26 2012	MONGODB, INC	Aggregation framework system architecture and method
10897414,	Jul 15 2019	Saudi Arabian Oil Company	Method for providing high-availability services on one-way data diode
10963447,	Jun 16 2015	Verizon Patent and Licensing Inc	Automatic lock removal method for scalable synchronization in dynamic data structures
10977277,	Dec 23 2010	MONGODB, INC	Systems and methods for database zone sharding and API integration
10990590,	Jul 26 2012	MongoDB, Inc.	Aggregation framework system architecture and method
10990737,	Apr 23 2019	OWL Cyber Defense Solutions, LLC	Secure one-way network gateway
10997211,	Dec 23 2010	MONGODB, INC	Systems and methods for database zone sharding and API integration
11086704,	Apr 28 2017	Honeywell International Inc.; Honeywell International Inc	Inferred detection of data replication errors of source applications by enterprise applications
11086846,	Jan 23 2019	VMware LLC	Group membership and leader election coordination for distributed applications using a consistent database
11222043,	Dec 23 2010	MongoDB, Inc.	System and method for determining consensus within a distributed database
11251898,	Sep 29 2017	Siemens Aktiengesellschaft	Device and method for the unidirectional transmission of data
11288282,	Sep 25 2015	MongoDB, Inc.	Distributed database systems and methods with pluggable storage engines
11394532,	Sep 25 2015	MongoDB, Inc.	Systems and methods for hierarchical key management in encrypted distributed databases
11403317,	Jul 26 2012	MONGODB, INC	Aggregation framework system architecture and method
11477048,	Jan 15 2021	BlackBear (Taiwan) Industrial Networking Security Ltd.	Communication method for one-way transmission based on VLAN ID and switch device using the same
11481289,	May 31 2016	MongoDB, Inc.	Method and apparatus for reading and writing committed data
11496233,	Dec 23 2020	BlackBear (Taiwan) Industrial Networking Security Ltd.	Communication system and communication method for one-way transmission
11520670,	Jun 27 2016	MongoDB, Inc.	Method and apparatus for restoring data from snapshots
11537482,	May 31 2016	MongoDB, Inc.	Method and apparatus for reading and writing committed data
11539756,	Oct 23 2020	BlackBear (Taiwan) Industrial Networking Security Ltd.	Switch device for one-way transmission
11544154,	Jun 27 2016	MongoDB, Inc.	Systems and methods for monitoring distributed database deployments
11544284,	Jul 26 2012	MONGODB, INC	Aggregation framework system architecture and method
11544288,	Dec 23 2010	MONGODB, INC	Systems and methods for managing distributed database deployments
11575652,	Dec 18 2020	BlackBear (Taiwan) Industrial Networking Security Ltd.	Communication system and communication method for one-way transmission
11611409,	Jun 14 2021	BlackBear (Taiwan) Industrial Networking Security Ltd.	Communication system and communication method for reporting compromised state in one-way transmission
11615115,	Dec 23 2010	MONGODB, INC	Systems and methods for managing distributed database deployments
11907745,	Jan 23 2019	VMware LLC	Methods and systems for securely and efficiently clustering distributed processes using a consistent database
11991185,	Feb 14 2022	BlackBear (Taiwan) Industrial Networking Security Ltd.	Method for secure data transmission and system using the same
8737910,	Aug 31 2007	BANK OF AMERICA, N A , AS SUCCESSOR COLLATERAL AGENT	Radio receiver and method for receiving and playing signals from multiple broadcast channels
8776254,	Jan 23 2013	OWL Cyber Defense Solutions, LLC	System and method for the secure unidirectional transfer of software and software updates
8812683,	Aug 03 2007	EMC Corporation	Service scripting framework
9081520,	Dec 22 2010	OWL Cyber Defense Solutions, LLC	Remote print file transfer and spooling application for use with a one-way data link
9088558,	Aug 21 2013	OWL Cyber Defense Solutions, LLC	Secure one-way interface for OPC data transfer
9306953,	Feb 19 2013	OWL Cyber Defense Solutions, LLC	System and method for secure unidirectional transfer of commands to control equipment
9311329,	Jun 05 2014	OWL Cyber Defense Solutions, LLC	System and method for modular and continuous data assurance
9380023,	May 13 2013	OWL Cyber Defense Solutions, LLC	Enterprise cross-domain solution having configurable data filters
9436825,	Mar 25 2014	OWL Cyber Defense Solutions, LLC	System and method for integrity assurance of partial data
9569469,	Jul 26 2013	Honeywell International Inc.; Honeywell International Inc	Methods and systems for providing intuitive direction for populating complex model content into a database
9575987,	Jun 23 2014	OWL Cyber Defense Solutions, LLC	System and method for providing assured database updates via a one-way data link
9613082,	Sep 30 2013	International Business Machines Corporation	Database auditing for bulk operations
9619509,	Sep 30 2013	International Business Machines Corporation	Database auditing for bulk operations
9672228,	Mar 11 2013	Honeywell International Inc.	Methods and systems for creating a complex user interface adapting a generic database software application to individually manage subset domains in complex database
9680794,	Sep 04 2013	OWL Cyber Defense Solutions, LLC	Secure one-way interface for archestra data transfer
9703821,	Sep 30 2013	International Business Machines Corporation	Database auditing for bulk operations
9736121,	Jul 16 2012	OWL Cyber Defense Solutions, LLC	File manifest filter for unidirectional transfer of files
9774652,	Dec 13 2013	SAP SE	Systems to provide database updates
9853918,	Mar 24 2015	OWL Cyber Defense Solutions, LLC	One-way network interface
9880869,	Jan 13 2015	OWL Cyber Defense Solutions, LLC	Single computer-based virtual cross-domain solutions

THIS PATENT REFERENCES THESE PATENTS:

Patent	Priority	Assignee	Title
4672601,	Dec 06 1984	Motorola, Inc.	Duplex interconnect/dispatch trunked radio system
5282200,	Dec 07 1992	Alcatel Network Systems, Inc.	Ring network overhead handling method
5703562,	Nov 20 1996	Sandia National Laboratories	Method for transferring data from an unsecured computer to a secured computer
5769527,	Jul 17 1986	VARI-LITE, INC	Computer controlled lighting system with distributed control resources
5983332,	Jul 01 1996	Oracle America, Inc	Asynchronous transfer mode (ATM) segmentation and reassembly unit virtual address translation unit architecture
6108787,	Mar 31 1995	The Commonwealth of Australia	Method and means for interconnecting different security level networks
6178427,	May 07 1998	CA, INC	Method of mirroring log datasets using both log file data and live log data including gaps between the two data logs
6262993,	Nov 03 1997	AMADATA, INC	Computer and peripheral networking device permitting the practical use of buffer insertion-based networks while communicating over unshielded twisted pair conductive media
6415329,	Mar 06 1998	Massachusetts Institute of Technology	Method and apparatus for improving efficiency of TCP/IP protocol over high delay-bandwidth network
6529917,	Aug 14 2000	Verizon Patent and Licensing Inc	System and method of synchronizing replicated data
6546422,	Jul 02 1998	NEC Corporation	Caching of network contents by packet relays that determine cache priority utilizing contents access frequency and metrics in their routing tables representing relaying path lengths
6578022,	Apr 18 2000	BYTEWEAVR, LLC	Interactive intelligent searching with executable suggestions
6609183,	Feb 23 1999	EMC IP HOLDING COMPANY LLC	Method and system for mirroring and archiving mass storage
6665268,	Aug 31 1999	Fujitsu Limited	Load testing apparatus, computer readable recording medium for recording load test program, fault diagnosis apparatus, and computer readable recording medium for recording fault diagnosis program
6728213,	Mar 23 2001	GLOBALFOUNDRIES U S INC	Selective admission control in a network device
6745209,	Aug 15 2001	RPX Corporation	Synchronization of plural databases in a database replication system
6792432,	Mar 31 1998	SYBASE, Inc.	Database system with methods providing high-concurrency access in B-Tree structures
6807166,	Aug 05 1998	GOOGLE LLC	Gateway for internet telephone
6988148,	Jan 19 2001	Cisco Technology, Inc	IP pool management utilizing an IP pool MIB
7016085,	Aug 31 2001	HEWLETT-PACKARD DEVELOPMENT COMPANY L P	Remote proofing service adaptively isolated from the internet
7095739,	Nov 25 2003	Cisco Technology, Inc.	Reliable multicast communication
7246156,	Jun 09 2003	IDEFENDER, LLC	Method and computer program product for monitoring an industrial network
7260833,	Jul 18 2003	The United States of America as represented by the Secretary of the Navy	One-way network transmission interface unit
7339929,	Aug 23 2002	CORRIGENT CORPORATION	Virtual private LAN service using a multicast protocol
7356581,	Apr 18 2001	Hitachi, Ltd.	Storage network switch
7370025,	Dec 17 2002	Veritas Technologies LLC	System and method for providing access to replicated data
7389323,	Jan 23 2002	Murata Kikai Kabushiki Kaisha	Communication device and program
7403946,	Oct 01 1999	Accenture Global Services Limited	Data management for netcentric computing systems
7440424,	Jun 19 2003	Samsung Electronics Co., Ltd.	Apparatus and method for detecting duplicate IP addresses in mobile ad hoc network environment
7454366,	Nov 19 2001	Sony Corporation	Product management system and method
7512116,	Aug 05 1998	GOOGLE LLC	Gateway for internet telephone
7529943,	Apr 16 2003	Juniper Networks, Inc.; Juniper Networks, Inc	Systems and methods for end-to-end resource reservation authentication
7720903,	Aug 31 2000	Intel Corporation	Client messaging in multicast networks
20010027453,
20020003640,
20020029281,
20020118671,
20030058810,
20030119568,
20030195932,
20030225798,
20040058710,
20040103199,
20040236874,
20050033990,
20050055382,
20050055385,
20050193024,
20050201373,
20050216520,
20050259587,
20060114566,
20060153092,
20060153110,
20060173850,
20060209719,
20070019683,
20070223158,
20090024612,
WO2004105297,

ASSIGNMENT RECORDS Assignment records on the USPTO

//////////

Executed on	Assignor	Assignee	Conveyance	Frame	Reel	Doc
Apr 19 2007		Owl Computing Technologies, Inc.	(assignment on the face of the patent)
Jun 26 2007	HOLMES, ANDREW	OWL COMPUTING TECHNOLOGIES, INC	ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS	019538	0651	pdf
Jun 27 2007	HOPE, JAMES	OWL COMPUTING TECHNOLOGIES, INC	ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS	019538	0651	pdf
Jun 29 2007	MRAZ, RONALD	OWL COMPUTING TECHNOLOGIES, INC	ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS	019538	0651	pdf
Jan 31 2017	OWL COMPUTING TECHNOLOGIES, INC	BANK OF AMERICA, N A	SECURITY INTEREST SEE DOCUMENT FOR DETAILS	041136	0223	pdf
Feb 03 2017	OWL COMPUTING TECHNOLOGIES, INC	Owl Computing Technologies, LLC	CORRECTIVE ASSIGNMENT TO CORRECT TO REMOVE THIS DOCUMENT SERVES AS AN OATH DECLARATION 37 CFR 1 63 FROM THE COVER SHEET PREVIOUSLY RECORDED AT REEL: 041765 FRAME: 0034 ASSIGNOR S HEREBY CONFIRMS THE MERGER EFFECTIVE DATE 02 03 2017	042344	0033	pdf
Feb 03 2017	OWL COMPUTING TECHNOLOGIES, INC	Owl Computing Technologies, LLC	MERGER SEE DOCUMENT FOR DETAILS	041765	0034	pdf
Jun 02 2017	Owl Computing Technologies, LLC	OWL Cyber Defense Solutions, LLC	CHANGE OF NAME SEE DOCUMENT FOR DETAILS	042902	0582	pdf
Jul 23 2020	OWL Cyber Defense Solutions, LLC	OWL Cyber Defense Solutions, LLC	MERGER AND CHANGE OF NAME SEE DOCUMENT FOR DETAILS	060978	0964	pdf
Jul 23 2020	Tresys Technology, LLC	OWL Cyber Defense Solutions, LLC	MERGER AND CHANGE OF NAME SEE DOCUMENT FOR DETAILS	060978	0964	pdf

MAINTENANCE FEES AND DATES: Maintenance records on the USPTO

Date	Maintenance Fee Events
Apr 08 2016	M2551: Payment of Maintenance Fee, 4th Yr, Small Entity.
Jul 07 2020	BIG: Entity status set to Undiscounted (note the period is included in the code).
Jul 07 2020	M1552: Payment of Maintenance Fee, 8th Year, Large Entity.
Mar 27 2024	M1553: Payment of Maintenance Fee, 12th Year, Large Entity.

Date	Maintenance Schedule
Jan 08 2016	4 years fee payment window open
Jul 08 2016	6 months grace period start (w surcharge)
Jan 08 2017	patent expiry (for year 4)
Jan 08 2019	2 years to revive unintentionally abandoned end. (for year 4)
Jan 08 2020	8 years fee payment window open
Jul 08 2020	6 months grace period start (w surcharge)
Jan 08 2021	patent expiry (for year 8)
Jan 08 2023	2 years to revive unintentionally abandoned end. (for year 8)
Jan 08 2024	12 years fee payment window open
Jul 08 2024	6 months grace period start (w surcharge)
Jan 08 2025	patent expiry (for year 12)
Jan 08 2027	2 years to revive unintentionally abandoned end. (for year 12)